The company that I work for has been warned by our T1 provider to stop being an open relay for spam. I have tried in vain to make it so. Below are examples of what I have done and the results. And at the end is a little bit about the company. It's more than ppl from our company emailing each other back and forth but a multitude of ppl from other domains since we are a web hosting company emailing everybody from various locations.
Actions taken:
1. In Microsoft Exchange 5.5 under Connections --> Internet Mail Service(Email) --> Connections tab. I highlighted the Accept Connections only from hosts using Authentication. We could send out email but we could not receive email from ppl outside of our domains. I then checked Clients can only submit if authentication account matches submission address. That too allowed us to send email out but not receive email from ppl outside of our domains. So I changed it back to not being checked in both of them.
2. In Winnt/system32/drivers/etc/Services, I changed the
smtp 25/tcp mail
to
#smtp 25/tcp mail
and then created this line
smtp 27/tcp mail
which is an open port on the system. Again we could send out email but could not receive the email. The interesting thing about this is that in step 1 ppl would automatically receive their email back to them. In this instance it just waited until it could be sent. I changed it back to 25 and it worked fine again and I received the emails sent out from here with no problems.
The email below says what is wrong with the system and some links. I have tried in vain looking for a program like DRAC - Dynamic Relay Authorization Control - for Windows but it does not appear to exist. What that does is place the IP address of the pop user which was authenticated into a holding bin and then that user can send out mail for up to 30 minutes. If the user's IP address is not found in the bin then that user cannot send out email. Then the problem with this is that Outlook 2000, Outlook Express, and some other email clients use the SMTP server first to send out mail before receiving it.
We have around 200 email addresses from different domains. Each client has the possibility of roaming and they are using different ISPs, which also will allow them to bring up different IP numbers each time they log in. With that in mind I could not go through the logs of valid users and expect them to remain the same for my own list of ppl that can submit emails. Each user expects to be able to send and receive from their home computer or laptop wherever they may be. Therefore we need some sort of relay ability but not users that do not match the list of users in the User directory on our Windows domain.
Thank you in advance.
dave
Dave Highfield
dave@dullesmicro.com
I couldn't think of a sig so here it is.
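An added example, not part of the original post and not DRAC's own code: a sketch of the POP-before-SMTP holding bin described above, with the relay decision split so that mail addressed to hosted domains is accepted without authentication while relaying to outside domains requires a recent POP login from the same IP. The domain names, IP addresses, class and function names are assumptions made for the illustration.

```python
import time

AUTH_WINDOW_SECONDS = 30 * 60  # "up to 30 minutes", as described in the post

# Hypothetical hosted domains, constructed for this example.
LOCAL_DOMAINS = {"example.com", "example.net"}


class RelayBin:
    """Holding bin of client IPs that recently passed POP authentication."""

    def __init__(self, window=AUTH_WINDOW_SECONDS, clock=time.time):
        self._window = window
        self._clock = clock      # injectable so expiry can be tested
        self._seen = {}          # ip -> time of last successful POP login

    def record_pop_login(self, ip):
        """Called by the POP server after a successful USER/PASS."""
        self._seen[ip] = self._clock()

    def is_authorized(self, ip):
        ts = self._seen.get(ip)
        if ts is None:
            return False
        if self._clock() - ts > self._window:
            del self._seen[ip]   # entry expired, drop it from the bin
            return False
        return True


def smtp_rcpt_decision(relay_bin, client_ip, rcpt_to):
    """Return 'deliver', 'relay' or 'reject' for one RCPT TO address."""
    if "@" not in rcpt_to:
        return "reject"          # malformed recipient
    domain = rcpt_to.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in LOCAL_DOMAINS:
        # Inbound mail for a hosted domain: outside servers never
        # authenticate, so this path must not depend on the bin.
        return "deliver"
    if relay_bin.is_authorized(client_ip):
        return "relay"           # roaming user who checked POP recently
    return "reject"              # unknown IP asking to relay outward
```

A client that submits over SMTP before its first POP check gets "reject" for outside recipients until a POP login records its IP, which is the ordering problem the post raises for Outlook 2000 and Outlook Express.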